The Securities and Exchange Board of India (SEBI) has asked KYC Registration Agencies (KRAs) to report all types of cyber attacks, threats and cyber breaches within 6 hours of detection. According to the circular issued by SEBI on Tuesday, such cases will also have to be reported to the Indian Computer Emergency Response Team (CERT-In) as per the guidelines issued from time to time.
In addition, the KRA will also have to inform the National Critical Information Infrastructure Protection Center (NCIIPC) about such cases. SEBI on Tuesday said that all cyber attacks, threats and breaches will have to be reported to the KRA within 6 hours.
The stockbrokers and depository participants will have to report cyber attacks, risks and breaches in their quarterly reports and the measures taken to combat them. This report has to be submitted to SEBI within 15 days from the end of every quarter. This information will be given to SEBI through an e-mail ID. The regulator had last month issued similar instructions for stockbrokers and depository participants as well.
11 international bodies, including tech giants such as Google, Facebook and HP, had conveyed their concern to CERT-In Director General Sanjay Behl. It was said that the new directive, which has to report incidents of cyber attacks within 6 hours and store user logs for 5 years, will make it difficult for these companies to do business in the country.
Significantly, cyber attacks are becoming a cause of concern for countries around the world. All countries including America are taking steps to deal with them. In this sequence, the Government of India and its agencies are also taking action. In the US, a top-level meeting regarding this was held earlier this year. Earlier this year, representatives of companies like Google, Apple and Amazon gathered in the White House. Dealing with cyber attacks was discussed in the meeting. Many other countries are also working on this.